LinkedIn scams – how to spot fake connection requests

John E Dunn | June 28, 2016

Bogus LinkedIn accounts are now a major security risk. Here are some tips for spotting fake accounts and connections

LinkedIn users need to be very careful about connections

LinkedIn scams and spam have become a major nuisance for anyone using the professional world's most popular networking service. The problem is that the site's whole raison d'être is based on optimistic networking, and that eventually involves being contacted by or interacting with unknown users. Without that dimension most LinkedIn users' contact lists would barely stretch beyond 50 at most. Compounding this, even trustworthy contacts can create weaknesses. The fact that you trust or personally know a fellow LinkedIn user doesn't mean they won't themselves accept a request from someone dubious, potentially opening a gateway for you to receive scam InMail depending on your account security and privacy settings.

LinkedIn scams - be incredibly careful about invitations

LinkedIn threats can be divided into two types: bogus connection requests from fake users within the service, and email phishing attacks outside LinkedIn that pretend to be connection confirmations. It's tempting to see attacks outside the service as less of a concern but remember how the service works - people send out connection requests and by default these are forwarded to the registered email address. People get used to clicking on them and therein lies the threat.

Webmail services will normally filter LinkedIn phishing emails but one way to identify them is to hover the mouse cursor over the blue 'confirmation' box LinkedIn embeds inside requests and study the web address. Anything that begins 'https://www.linkedin.com' is probably fine. However, a better approach is simply NEVER to accept connection requests from outside LinkedIn, period. Always log on to the service and vet them first.
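The address check described above can be automated for a mailbox filter. The following is an added example, not code from the original article: it compares a plain "begins with" test against a check on the parsed hostname, since a prefix match alone also accepts addresses such as linkedin.com.example.net. The function names, the sample email body and its paths are constructed for illustration, and the rule that only linkedin.com and its subdomains count as genuine is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "linkedin.com"  # assumption: only this domain and its subdomains pass


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href.strip())


def is_linkedin_url(url):
    """True only for https URLs whose host is linkedin.com or a subdomain of it."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority section
        return False
    if parts.scheme != "https":
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def audit_email_links(html_body):
    """Return (url, passes_prefix_check, passes_host_check) for each link."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(u, u.startswith("https://www.linkedin.com"), is_linkedin_url(u))
            for u in collector.links]


# Constructed sample body (not a real message); example.net is a reserved domain.
SAMPLE_EMAIL = """
<a href="https://www.linkedin.com/invite">Accept</a>
<a href="https://www.linkedin.com.example.net/invite">Accept</a>
<a href="https://www.linkedin.com@example.net/invite">Accept</a>
<a href="http://www.linkedin.com/invite">Accept</a>
"""

if __name__ == "__main__":
    for url, prefix_ok, host_ok in audit_email_links(SAMPLE_EMAIL):
        print(f"{url:52} prefix={prefix_ok!s:5} host={host_ok}")
```

Links where the two columns disagree are the ones a hover-and-glance check is most likely to miss.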

LinkedIn scams - fake recruiters

Even within LinkedIn, a common technique is to use fake recruiters - security companies regularly document these types of attack. Anyone with more than a few hundred LinkedIn contacts probably has one or two of these bogus accounts hiding within their contact list. The point of these attacks is to persuade a few people to connect to them, which makes them look more legitimate to others as they spread. They also use acceptance as a way to scan for additional and possibly higher-value contacts.

LinkedIn scams - get to know LinkedIn's privacy settings

The simplest way to avoid the scammers is to become less visible using the service's Privacy Controls. Unfortunately, LinkedIn can quickly turn into a privacy labyrinth. The first setting to look for is 'who can send you invitations' (under Privacy Settings > Communications tab). There are three options here. The first, 'anyone on LinkedIn', is the recommended one but is also where the problems start. The alternatives restrict invitations to people who already know your email address or who appear on an imported contacts list.

The second setting, under the same tab, specifies the types of messages you're willing to receive. One way of filtering out some of the recruitment scammers is to uncheck the 'career opportunities' and 'new ventures' boxes.